CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: R71.30 - R75.40 upgrade on Smart-1 50s in HA Management mode

  1. #1
    Join Date
    2010-03-18
    Posts
    6
    Rep Power
    0

    R71.30 - R75.40 upgrade on Smart-1 50s in HA Management mode

    Hi,

    I'm going to be upgrading our Check Point estate and am looking for some pointers. We currently run 2 Smart-1 50 Management servers in Management HA mode. These manage 21 IP appliance gateways, 2 of which are IPSO VRRP clusters. The Management servers are running :
    2.6.18-92cp #1 SMP Wed Oct 27 15:39:23 IST 2010 i686 i686 i386 GNU/Linux

    which I assume is SPLAT 6.2. The mixed model IP appliances are all running :
    6.2-GA039 releng 1 04.14.2010-225515 i386

    and both management and gateway are running R71.30.

    I want to upgrade to R75.40, or is there a benefit to moving to R75.45? And my main priority is getting the Management HA pair done first so I can introduce 4 more 2012 gateways running R75.40 or, if I do go to R75.45 on the Management, R75.45.

    Having done some reading of the CP_R75.40_Installation_and_Upgrade_Guide.pdf, it would appear I can go straight from R71.30 to R75.40. But if I run the upgrade path tool on the Check Point site here :- https://supportcenter.checkpoint.com...wupgradewizard it states that I should upgrade to R75.20 and then R75.40. Which one should I follow?

    As the Management servers are running SPLAT, I should try and futureproof them by upgrading their OS to GAIA (any downsides to this?) - I presume all the configuration data is preserved during the upgrade?

    One last question, as they are in Management HA mode, do I upgrade the local primary and leave the secondary lagging on R71.30? From what I have read, I'll need to attend the secondary and attach a DVD drive to do the upgrade - is this right?

    Thanks in advance

    Keith

  2. #2
    Join Date
    2010-03-18
    Posts
    6
    Rep Power
    0

    Re: R71.30 - R75.40 upgrade on Smart-1 50s in HA Management mode

    Well, I went ahead with the upgrade following the wizard's suggestions -

    R71.30 (SPLAT) -> R75.20 (SPLAT) tested database access and all looked OK
    R75.20 (SPLAT) -> R75.40 (Gaia) tested database access and all OK again.

    I did the primary first using the upgrade option in the gui and was impressed that it was all gui driven this time. It runs the pre-upgrade verifier, then ensures you take a snapshot and then performs the upgrade (on both upgrade steps). Then a day later I upgraded the secondary and successfully synchronised them afterwards.

    All data (logs and even some OS files) are preserved in the SPLAT to Gaia upgrade and the webui packages ran fine as I said - no need for a local drive installation.

    Issues to be aware of

    The webui upgrade package to R75.40 Gaia installs an early release of gaia which doesn't have all the features of what is known as gaia+, which importantly includes scheduled backups! A full list of fixes in gaia+ is here (implying that they don't work in gaia) :-

    https://supportcenter.checkpoint.com...oduct=Security

    I've managed to get around the backup issue by creating a simple bash script which calls clish to add a backup job. This is called by the job scheduler every week. The script will run as long as no one is using the gui at the time (i.e. locking the config database).

    Smart console client R75.40 not working on Windows 7 Enterprise 32-bit SP1. The client launches and prompts for credentials, connects to server and then crashes. The client works fine on a Windows 2008 R2 Standard SP1 terminal server.

    The items configured via CLI on the initial R71.30 SPLAT OS don't carry across - things like SNMP. This has to be set up again, which is no great hassle as it's all done via the gui. Plus, timezone configuration didn't carry across either.

    Maybe this'll help someone else.
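
The weekly backup workaround described in post #2 could look like the sketch below. This is an added example, not the poster's script: it assumes the Gaia clish command `add backup local`, and because the page gives neither clish's exit code nor the wording of its lock message, it treats a non-zero exit or any output mentioning a lock as a failed attempt and retries instead of silently skipping that week's backup. The variable and function names are hypothetical.

```shell
#!/bin/bash
# Added example (not the poster's script): weekly Gaia backup via clish,
# retrying when the config database is locked by a GUI/CLI session.
# Assumptions: "add backup local" is the backup command; a non-zero exit
# or output containing "lock" means the job was not added.

CLISH_BIN="${CLISH_BIN:-clish}"              # overridable for testing
BACKUP_CMD="${BACKUP_CMD:-add backup local}"
RETRIES="${RETRIES:-3}"                      # attempts before giving up
RETRY_WAIT="${RETRY_WAIT:-300}"              # seconds between attempts

log() {
    # Timestamped line on stderr so the scheduler's mail/log captures it.
    echo "$(date '+%Y-%m-%d %H:%M:%S') gaia-backup: $*" >&2
}

run_backup() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        # Capture output and exit status without tripping "set -e".
        out=$("$CLISH_BIN" -c "$BACKUP_CMD" 2>&1) && rc=0 || rc=$?
        if [ "$rc" -eq 0 ] && ! printf '%s\n' "$out" | grep -qi 'lock'; then
            log "backup job added on attempt $attempt"
            return 0
        fi
        log "attempt $attempt failed (rc=$rc): $out"
        attempt=$((attempt + 1))
        if [ "$attempt" -le "$RETRIES" ]; then
            sleep "$RETRY_WAIT"
        fi
    done
    # A non-zero exit lets the scheduler or monitoring flag the missed backup.
    log "giving up after $RETRIES attempts; no backup was added"
    return 1
}

# The job scheduler calls the script with --run once a week.
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```
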
